Palo Alto Networks Unit 42 security researcher found a malware that targets the MAC devices and enable hackers to steal browser cookies, login credentials of cryptocurrency exchanges and wallet service websites.
The malware known as ‘OSX.DarthMiner’ can steals saved passwords in Chrome, iPhone text messages from iTunes backups on the tethered Mac.
How it Works?
By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, the researchers believe the cyber attackers could bypass multi-factor authentication for these sites.
If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves.
The Websites store cookies on your browser to keep track your web activities.
You can read here- How to do Web Cookies work in Browser
The malware also configures the system to load coin-mining software on the targeted system. This software is made to look like an XMRig-type coin-miner, which is used to mine Monero. In fact, though, it loads a coin-miner that mines Koto, a lesser-known cryptocurrency that is associated with Japan.
The researchers given name to this Malware “CookieMiner” because it attacks the cookies associated with exchanges.
CookieMiner tries to navigate past the authentication process by stealing a combination of the login credentials, text messages, and web cookies. If the bad actors successfully enter the websites using the victim’s identity, they could perform fund withdrawals.
Previously, we have published about CryptoJacking, it is the top Cybersecurity threat. A Technique Using By Hackers To Mine Cryptocurrencies. But CookieMiner is the little different.
Technical Details
A rundown of CookieMiner’s behaviors (discussed in more detail in the following sections):
- Steals Google Chrome and Apple Safari browser cookies from the victim’s machine
- Steals saved usernames and passwords in Chrome
- Steals saved credit card credentials in Chrome
- Steals iPhone’s text messages if backed up to Mac
- Steals cryptocurrency wallet data and keys
- Keeps full control of the victim using the EmPyre backdoor
- Mines cryptocurrency on the victim’s machine
Conclusion
The malware “CookieMiner” is intended to help threat actors generate profit by collecting credential information and mining cryptocurrency. If attackers have all the needed information for the authentication process, the multi-factor authentication may be defeated. Cryptocurrency owners should keep an eye on their security settings and digital assets to prevent compromise and leakage.
